Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Cyberespionage: ‘This Isn’t a Problem That Can Be Solved’

The issue of cyberespionage is a thorny one, both technically and politically speaking, but some experts say there may not actually be a solution to the problem.

WASHINGTON–Gentlemen may not read each other’s mail, as Henry Stimson famously said so long ago, but in today’s world they certainly steal it and there’s precious little in the way of gentlemanly conduct happening in the realm of cyberespionage. It’s every man—or country—for himself in this environment, and that free-for-all is creating unforeseen consequences for governments and their citizens around the world.

The topic of cyberespionage, once a subject of discussion among security experts and intelligence analysts, has become a political football in the last couple of years, with diplomats and elected officials from the United States, China, Germany and many other countries decrying such attacks from their adversaries. The issue is a thorny one, both technically and politically speaking, and while there have been a number of potential solutions or responses forwarded—from hacking back to economic sanctions—some experts say there may not actually be a solution to the problem.

“This isn’t a problem that can be solved. Don’t think it has a solution.”

“This isn’t a problem that can be solved. Don’t think it has a solution,” Joel Brenner, former head of national counterintelligence at the Office of the Director of National Intelligence and former senior counsel at the NSA, said in a keynote speech at the Kaspersky Government Cybersecurity Forum here Tuesday. “We are economically interdependent with the Chinese in an extraordinary way.”

Brenner pointed out a number of factors that have hoped lead to the current state of affairs, including the interconnection of virtually every conceivable asset and what he says has been the stasis in defensive thinking and operations in the last 10 years or so.

“If you thought the state of cyber defense had become substantially better in the last ten years, you’d be wrong,” he said. “We’ve been walking backward on cybersecurity for more than a decade and we’ll continue to walk backward unless and until we can address the core issues. The defensive stance needs to change from filter and guard to hunt and kill.”

The animosity between the U.S. and China and other countries over cyberespionage and the theft of intellectual property has been simmering for several years now, and it has resulted in plenty of vague assertions and accusations from both sides, and some not-so-vague ones as well. U.S. officials maintain that American intelligence agencies don’t use their attacks on foreign adversaries in order to gain economic advantages for American companies, something that they say China and other governments do on a regular basis.

“I don’t think anyone’s hands are clean,” said Howard Schmidt, former White House cybersecurity adviser under President Barack Obama and a former security adviser to President George W. Bush.

Brenner said that the current environment is something that businesses and government agencies must grow accustomed to.

“The vulnerability of our financial sector is there for all to see. And our power sector is just as bad. This is what the grey space between war and peace looks like, and we are in it,” he said.

Theft of intellectual property is one thing, and it’s a constant threat for many enterprises, small, medium and large. But the other threat that Brenner sees as a major concern for the U.S. is the connectivity of so many critical assets to the Internet and the potential for serious consequences in the event of a major attack.

“What’s to be done? The first thing would be to isolate from the Internet the industrial control systems,” Brenner said. “Connecting the grid to the Internet may have brought efficiencies, but it was foolhardy. There are daunting cross-sector interdependencies that I don’t think we understand well enough.”

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.